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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I )S Responsive to communication(s) filed on 24 January 2005 . 
2a)l3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) I3 Claim(s) 1. 2.4-6,8-1 5.17.1 8 and 20-25 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) I3 Claim(s) 1.2.4-6.8-15.17.18 and 20-25 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)E3 The drawing(s) filed on 26 April 2001 is/are: aM accepted or b)D objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

I I )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) D Notice of References Cited (PTO-892) 

2) O Notice of Drafts person's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) D Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) Q Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 20040817 



Application/Control Number: 09/843,403 
Art Unit: 2132 



Page 2 



DETAILED ACTION 
Response to Amendment 

1. Applicant's amendment filed 24 January 2005 amends claims 1 3 4, 5, 6, 9, 10, 15, 21, 22, 
and cancels claims 3, 7, 16, 19, and 26-42. Applicant's amendment has been fully considered and 
is entered. 

Response to Arguments 

2. Applicant's arguments filed 24 January 2005 have been fully considered but they are not 
persuasive. 

3. Applicant's arguments fail to comply with 37 CFR 1 . 1 1 1(b) because they amount to a 
general allegation that the claims define a patentable invention without specifically pointing out 
how the language of the claims patentably distinguishes them from the references. 

4. Applicant's arguments do not comply with 37 CFR 1 . 1 1 1(c) because they do not clearly 
point out the patentable novelty which he or she thinks the claims present in view of the state of 
the art disclosed by the references cited or the objections made. Further, they do not show how 
the amendments avoid such references or objections. 

Claim Rejections -35 USC §102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 
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6. Claims 1, 2, 4-6, 8-13, 15, 17, 18, 20-24 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Doyle, U.S. Patent No. 6,128,738. Referring to claims 1-4, 6, 1 1-13, 15-18, 23, 
24, Doyle discloses certificate-based security wherein a user, which meets the limitation of a 
service receiving device, requests access to secure applications from a host computer by mutual 
authentication (Col. 4, lines 63-66), which meets the limitation of service provider which is an 
authentication object that provides services and the service receiving device that is also is an 
authentication object and receives services provided by the service provider, using a user 
certificate and signature that was created by a gateway system (Col. 4, lines 22-55). The gateway 
system creates the certificate and signature in response to a request by a user for certification 
information (Col. 3, lines 1-14), which meets the limitations of an access control server 
registration server, wherein the access control server registration server is configured to execute 
a processing for requesting access control server to execute issuance of the access permission, 
upon receipt of an access permission issuance request from the service receiving device, at least 
one system holder which is an organization that provides or controls contents usable by a user 
terminal, the system holder is configured to administrate the service provider and the service 
receiving device and to treat the service provider and the service receiving device as 
authentication objects. If the user's certificate and signature are authenticated at the host system 
the user is granted access to the secure applications, if not then the session is rejected (Col. 4, 
lines 49-55), which meets the limitation of wherein the service provider performs, based on the 
access permission, a decision as to whether an access request by the service receiving device is 
to be permitted. The user computer contains a storage means to store the security packet and 
certificate information (Col. 3, lines 46-53 & Fig. 5), which meets the limitation of a data storage 
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means that stores an access permission containing service provider identification data which 
identifies the service provider an access to which by a device has been permitted. Doyle 
discloses that the certificates and signatures created are usable for a plurality of services (Col. 1, 
line 66 - Col. 2, line 15), which meets the limitation of generating access permissions in a form 
independently usable for the service provider that were formerly present in claims 7 and 19 and 
currently amended into claims 1 and 15. 

Referring to claim 5, Doyle discloses that the user certificate can provide user access to a 
plurality of host applications (Col. 5, line 59 - Col. 6, line 14). 

Referring to claims 8, 20, Doyle discloses that the certificates and signatures created are 
usable for a plurality of services (Col. 1, line 66 - Col. 2, line 15). 

Referring to claims 9, 21, Doyle discloses that the certificate is an electronic statement of 
identity that allows building a trust relationship between parties wishing to exchange information 
using a preexisting trust relationship that each of the parties has with a third party (Col. 1, lines 
5-9), which meets the limitations of an access control server set fixed field set by the access 
control server, and a service provider set option field set by each of the service providers. The 
certificate is created with digital signature information (Col. 3, lines 1-10), which meets the 
limitation of an electronic signature field to be performed by the access control sever. 

Referring to claims 10, 22, Doyle discloses that the certificate contains user information 
that is a replacement for a user id and password (Col. 3, lines 4-9). 

Claim Rejections - 35 JJSC § 103 
7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

9. Claim 14, 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over Doyle, U.S. 
Patent No. 6,128,738, in view of Misra, U.S. Patent No. 5,757,920. Referring to claim 14, 25, 
Doyle discloses certificate-based security wherein a user, which meets the limitation of a service 
receiving device, requests access to secure applications from a host computer by mutual 
authentication (Col. 4, lines 63-66), which meets the limitation of service provider which is an 
authentication object that provides services and the service receiving device that is also is an 
authentication object and receives services provided by the service provider, using a user 
certificate and signature that was created by a gateway system (Col. 4, lines 22-55). The gateway 
system creates the certificate and signature in response to a request by a user for certification 
information (Col. 3, lines 1-14), which meets the limitations of an access control server 
registration server, wherein the access control server registration server is configured to execute 
a processing for requesting access control server to execute issuance of the access permission, 
upon receipt of an access permission issuance request from the service receiving device, at least 
one system holder which is an organization that provides or controls contents usable by a user 
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terminal, the system holder is configured to administrate the service provider and the service 
receiving device and to treat the service provider and the service receiving device as 
authentication objects. If the user's certificate and signature are authenticated at the host system 
the user is granted access to the secure applications, if not then the session is rejected (Col. 4, 
lines 49-55), which meets the limitation of wherein the service provider performs, based on the 
access permission, a decision as to whether an access request by the service receiving device is 
to be permitted. Doyle does not disclose that the certificates are revocable. Misra discloses a 
logon certification system wherein the certificates have expiration dates and are revocable (Col. 

9, lines 60-67). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made for the certificates of Doyle to be revocable in order to limit the security risk 
of having valid certificates for user accounts that are inactive as taught in Misra (Col. 10, lines 1- 
13). 

Conclusion 

10. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE- MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

1 1 . Specifically, the limitations of claims 7 and 19, now cancelled, were not included the 
Doyle rejection from Office Action 22 October 2004 because of the 1 12 second paragraph issues 
that were cleared up with this amendment and are now rejectable under the prior art. See 
rejection above. 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin E Lanier whose telephone number is 571-272-3805. 
The examiner can normally be reached on M-ThO 7:30am-5:00pm, F 7:30am-4pm. 



supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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